# Begin: Custom commands for incoming e-mails BEFORE decryption
log(1,'Begin: Custom commands for incoming e-mails BEFORE decryption');

# Begin: Sign internally routed e-mails, marked to be SIGNED
log(1,'Begin: Sign internally routed e-mails, marked to be SIGNED');

if (from_managed_domain()) {
	log(1,'E-mail is from managed domain...');
	if (!compareattr('connect_from', 'equal', '127.0.0.1')) {
		log(1,'...not form localhost...');
		if (check_sender(false, false, true)) {
			log(1,'...but is not allowed to relay, dropping');
			drop('554','5.7.1 Relay access denied');
		} else {
			log(1,'...and is allowed to relay, signing e-mail, if keys are available');
			$custom_sign;
		}
	} else {
		log(1,'...but generated on localhost, going on in standard ruleset');
	}
}

log(1,'End: Sign internally routed e-mails, marked to be SIGNED');
# End: Sign internally routed e-mails, marked to be SIGNED

log(1,'End: Custom commands for incoming e-mails BEFORE decryption');
# End: Custom commands for incoming e-mails BEFORE decryption